<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
  <meta http-equiv="Content-Type"
 content="text/html; charset=Windows-1252">
  <title>KINIT Command</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<object type="application/x-oleobject"
 classid="clsid:1e2a7bd0-dab9-11d0-b93a-00c04fc99f9e"> <param
 name="Keyword" value="kinit, man">
</object>
<p><h2><a name="id_help_kinit"></a>KINIT Command</h2></p>
<p>(from UNIX man page)</p>
<pre><code>User Commands                                            KINIT(1)<br><br>NAME<br>     kinit - obtain and cache Kerberos ticket-granting ticket<br><br>SYNOPSIS<br>     kinit<br>          [-5] [-4] [-V] [-l lifetime] [-s start_time] [-r<br>          renewable_life] [-p | -P] [-f | -F] [-A] [-v] [-R] [-k<br>          [-t keytab_file]] [-c cache_name] [-S service_name]<br>          [principal]<br><br>DESCRIPTION<br>     kinit obtains and caches an initial  ticket-granting  ticket<br>     for  principal.Thetypicaldefaultbehavior Kerberos 5 tickets.<br>     However, if kinit was built with both Kerberos 4 support and<br>     with  the  default behavior of acquiring both types of tick-<br>     ets, it will try to acquire both Kerberos 5 and  Kerberos  4<br>     by default.  Any documentation particular to Kerberos 4 does<br>     not apply if Kerberos 4 support was not built into kinit.<br><br>OPTIONS<br>     -5   get Kerberos 5 tickets.  This  overrides  whatever  the<br>          default  built-in  behavior may be.  This option may be<br>          used with -4<br><br>     -4   get Kerberos 4 tickets.  This  overrides  whatever  the<br>          default  built-in behavior may be.  This option is only<br>          available if kinit was built with Kerberos  4  compati-<br>          bility.  This option may be used with -5<br><br>     -V   display verbose output.<br><br>     -l lifetime<br>          requests a ticket  with  the  lifetime  lifetime.   The<br>          value  for lifetime must be followed immediately by one<br>          of the following delimiters:<br><br>             s  seconds<br>             m  minutes<br>             h  hours<br>             d  days<br><br>          as in "kinit -l 90m".  You cannot mix units; a value of<br>          `3h30m' will result in an error.<br><br>          If the -l option is not specified, the  default  ticket<br>          lifetime (configured by each site) is used.  Specifying<br>          a ticket lifetime longer than the maximum ticket  life-<br>          time (configured by each site) results in a ticket with<br>          the maximum lifetime.<br><br>     -s start_time<br>          requests  a  postdated  ticket,   valid   starting   at<br>          start_time.   Postdated  tickets  are  issued  with the<br>          invalid flag set, and need to be fed back  to  the  kdc<br>          before use.  (Not applicaple to Kerberos 4.)<br><br>     -r renewable_life<br>          requests renewable tickets, with a  total  lifetime  of<br>          renewable_life.   The duration is in the same format as<br>          the -l option, with the same delimiters.  (Not applica-<br>          ple to Kerberos 4.)<br><br>     -f   request forwardable tickets.  (Not applicaple  to  Ker-<br>          beros 4.)<br><br>     -F   do not request forwardable tickets.  (Not applicaple to<br>          Kerberos 4.)<br><br>     -p   request proxiable tickets.  (Not applicaple to Kerberos<br>          4.)<br><br>     -P   do not request proxiable tickets.  (Not  applicaple  to<br>          Kerberos 4.)<br><br>     -A   request address-less tickets.  (Not applicaple to  Ker-<br>          beros 4.)<br><br>     -v   requests that the ticket granting ticket in  the  cache<br>          (with  the  invalid  flag set) be passed to the kdc for<br>          validation.  If the ticket is within its requested time<br>          range, the cache is replaced with the validated ticket.<br>          (Not applicaple to Kerberos 4.)<br><br>     -R   requests renewal of the ticket-granting  ticket.   Note<br>          that  an  expired ticket cannot be renewed, even if the<br>          ticket is still within its renewable life.  When  using<br>          this  option with Kerberos 4, the kdc must support Ker-<br>          beros 5 to Kerberos 4 ticket conversion.<br><br>     -k [-t keytab_file]<br>          requests a host ticket, obtained  from  a  key  in  the<br>          local host's keytab file.  The name and location of the<br>          keytab file may be specified with  the  -t  keytab_file<br>          option; otherwise the default name and location will be<br>          used.  When using this option with Kerberos 4, the  kdc<br>          must  support  Kerberos  5 to Kerberos 4 ticket conver-<br>          sion.<br><br>     -c cache_name<br>          use cache_name as the Kerberos 5  credentials  (ticket)<br>          cache  name  and  location; if this option is not used,<br>          the default cache name and location are used.<br><br>          The default credentials cache may vary between systems.<br><br>          If  the  KRB5CCNAME  environment  variable  is set, its<br>          value is used to name the default  ticket  cache.   Any<br>          existing  contents of the cache are destroyed by kinit.<br>          (Note: The default name for Kerberos 4 comes  from  the<br>          KRBTKFILE  environment  variable.  This option does not<br>          apply to Kerberos 4.)<br><br>     -S service_name<br>          specify an alternate service name to use  when  getting<br>          initial tickets.  (Applicable to Kerberos 5 or if using<br>          both Kerberos 5 and Kerberos 4 with a kdc that supports<br>          Kerberos 5 to Kerberos 4 ticket conversion.)<br><br>ENVIRONMENT<br>     Kinit uses the following environment variables:<br><br>     KRB5CCNAME      Location  of  the  Kerberos  5   credentials<br>                     (ticket) cache.<br><br>     KRBTKFILE      Filename  of  the  Kerberos   4   credentials<br>                    (ticket) cache.<br><br>FILES<br>     /tmp/krb5cc_[uid]  default location of  Kerberos  5  creden-<br>                        tials  cache ([uid] is the decimal UID of<br>                        the user).<br><br>     /tmp/tkt[uid]  default location of  Kerberos  4  credentials<br>                    cache ([uid] is the decimal UID of the user).<br><br>     /etc/krb5.keytab<br>                    default location for the local host's  keytab<br>                    file.<br><br>SEE ALSO<br>     klist(1), kdestroy(1), krb5(3)<br><br><br></code></pre>
</body>
</html>
